==============================================================
金山清理专家系统诊断报告
该诊断报告由金山清理专家提供
http://www.duba.net
=============================================================
==============================================================
Host File
==============================================================
127.0.0.1 localhost
==============================================================
其他安全区域
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[Desktop Explorer] <C:\WINDOWS\system32\nvshell.dll>
文件路径: C:\WINDOWS\system32\nvshell.dll [分析中]
[{1E9B04FB-F9E5-4718-997B-B8DA88302A47}] <C:\WINDOWS\system32\nvshell.dll>
文件路径: C:\WINDOWS\system32\nvshell.dll [分析中]
[nView Desktop Context Menu] <C:\WINDOWS\system32\nvshell.dll>
文件路径: C:\WINDOWS\system32\nvshell.dll [分析中]
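Since I'm using an NV graphics card, these 3 should be things from the graphics driver. That's all of them.
I'm uploading the log as well. The system was just installed, so this is all there is in the log.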
WindowsVersion=Windows XP
IEVersion=7.0.5730.13
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\K1037
Admin=1
Detail=1
Date=2008-01-07
Time=15:16:39
Code=,
CDCode=,
Reg=0
[Soft]
Max=0
[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=C:\WINDOWS\system32\blank.htm
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=about:blank
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://go.microsoft.com/fwlink/?LinkId=54896
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=http://go.microsoft.com/fwlink/?LinkId=69157
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://go.microsoft.com/fwlink/?LinkId=69157
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://go.microsoft.com/fwlink/?LinkId=54896
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=http://go.microsoft.com/fwlink/?LinkId=69157
Max=12
[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name=ITBar7Layout
1_FileName=
1_FileVersion=
1_FileCompanyName=
Max=1
[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\使用脱兔下载
1_FileName=E:\Tuotu\TT_one.htm
1_FileSize=3599
1_FileDate=2007-7-23 13:53:10
1_FileVersion=
1_FileCompanyName=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\使用脱兔下载全部链接
2_FileName=E:\Tuotu\TT_all.htm
2_FileSize=834
2_FileDate=2007-3-19 0:53:26
2_FileVersion=
2_FileCompanyName=
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AECD3C1-7085-4731-96DC-47B6CF7EF749}
3_Clsid={1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
3_ButtonText=金山网页防挂马模块设置
3_MenuText=金山网页防挂马模块设置
3_FileName=
3_FileVersion=
3_FileCompanyName=
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
4_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
4_ButtonText=
4_MenuText=@xpsp3res.dll,-20001
4_FileName=
4_FileVersion=
4_FileCompanyName=
5_HKey=HKEY_CURRENT_USER
5_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
5_Clsid=
5_ButtonText=
5_MenuText=
5_FileName=
5_FileVersion=
5_FileCompanyName=
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BECAB3A-E1F8-45E6-8332-38DD750EBA01}
6_Clsid=CLDown Object
6_FileName=E:\Tuotu\TuoTuHelper_v8.dll
6_FileSize=114688
6_FileDate=2007-7-11 16:10:20
6_FileVersion=2.0.0.6
6_FileCompanyName=Tuotu.com
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333}
7_Clsid=Kingsoft Trojan Webshield
7_FileName=C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL
7_FileSize=349528
7_FileDate=2007-11-11 2:31:06
7_FileVersion=2007.8.16.41
7_FileCompanyName=Kingsoft Corporation
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4EECE2F3-2B43-4EEE-8FBE-E57AAE90D6AA}
8_NameServer=
8_Clsid=
8_FileName=
8_FileVersion=
8_FileCompanyName=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{867D956B-A301-4E7B-9891-A7CD86A804A5}
9_NameServer=
9_Clsid=
9_FileName=
9_FileVersion=
9_FileCompanyName=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96BEE947-A36E-4431-9D78-A0F2BD4A5845}
10_NameServer=
10_Clsid=
10_FileName=
10_FileVersion=
10_FileCompanyName=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D4E518B3-0DD2-4AD9-83E2-350E4D69985B}
11_NameServer=
11_Clsid=
11_FileName=
11_FileVersion=
11_FileCompanyName=
Max=11
[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2007-11-11 4:29:00
4_FileVersionLink=5.1.2600.2180
4_FileCompanyNameLink=Microsoft Corporation
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
5_FileSizeLink=625152
5_FileDateLink=2007-10-10 18:57:46
5_FileVersionLink=7.0.6000.16574
5_FileCompanyNameLink=Microsoft Corporation
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
6_FileSizeLink=625152
6_FileDateLink=2007-10-10 18:57:46
6_FileVersionLink=7.0.6000.16574
6_FileCompanyNameLink=Microsoft Corporation
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=rundll32.exe ieframe.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11
[Notify]
Max=0
[Shdoclc]
1_FileSize=498176
1_FileDate=2007-11-11 4:29:00
1_FileVersion=6.0.2900.2180
1_FileCompanyName=Microsoft Corporation
Max=1
[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\userinit.exe
2_FileSize=23552
2_FileDate=2007-11-11 4:29:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4
[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2007-11-11 4:29:00
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2007-11-11 4:29:00
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2007-11-11 4:29:00
3_FileVersion=5.1.2600.2180
3_FileCompanyName=Microsoft Corporation
Max=3
[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll ?
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll ?
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll ?
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll ?
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll ?
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll ?
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll ?
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll ?
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll ?
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
12_Name=PackedCatalogItem
12_FileName=%SystemRoot%\system32\mswsock.dll ?
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
13_Name=PackedCatalogItem
13_FileName=%SystemRoot%\system32\mswsock.dll ?
Max=13
[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1
[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2007-11-11 4:29:00
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2007-11-11 4:29:00
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
Max=2
[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8317952
1_FileDate=2007-10-26 0:43:28
Max=1
[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=WPDShServiceObj
1_Value={AAA288BA-9A4C-45B0-95D7-94D524869DB5}
1_ClsidName=WPDShServiceObj Class
1_FileName=C:\WINDOWS\system32\wpdshserviceobj.dll
1_FileSize=133632
1_FileDate=2007-11-11 4:29:00
1_FileVersion=5.2.5721.5145
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=PostBootReminder
2_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
2_ClsidName=PostBootReminder 对象
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8317952
2_FileDate=2007-10-26 0:43:28
2_FileVersion=6.0.2900.3241
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=CDBurn
3_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
3_ClsidName=烧 CD 的 ShellFolder
3_FileName=%SystemRoot%\system32\SHELL32.dll
3_FileSize=8317952
3_FileDate=2007-10-26 0:43:28
3_FileVersion=6.0.2900.3241
3_FileCompanyName=Microsoft Corporation
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=WebCheck
4_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
4_ClsidName=WebCheck
4_FileName=C:\WINDOWS\system32\webcheck.dll
4_FileSize=232960
4_FileDate=2007-10-11 7:46:24
4_FileVersion=7.0.6000.16574
4_FileCompanyName=Microsoft Corporation
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
5_Name=SysTray
5_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
5_ClsidName=SysTray
5_FileName=C:\WINDOWS\system32\stobject.dll
5_FileSize=121344
5_FileDate=2007-11-11 4:29:00
5_FileVersion=5.1.2600.2180
5_FileCompanyName=Microsoft Corporation
Max=5
[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1023488
1_FileDate=2007-10-11 13:58:22
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1023488
2_FileDate=2007-10-11 13:58:22
Max=2
[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=http
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=https
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=ftp
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=file
5_Value=3
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=@ivt
6_Value=1
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
7_Name=shell
7_Value=0
Max=7
[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1
[Startup]
Max=0
[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=KavStart
1_Value="c:\program files\kingsoft\kingsoft internet security 2008\kavstart.exe" -startup
1_FileSize=151384
1_FileDate=2007-12-2 23:15:00
1_FileVersion=2007.12.2.142
1_FileCompanyName=Kingsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=KBD
2_Value=c:\hp\kbd\kbd.exe
2_FileSize=61440
2_FileDate=2005-2-2 16:44:24
2_FileVersion=1.0.2.2
2_FileCompanyName=Hewlett-Packard Company
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=PS2
3_Value=c:\windows\system32\ps2.exe
3_FileSize=90112
3_FileDate=2004-10-25 15:17:56
3_FileVersion=1.0.2.2
3_FileCompanyName=Hewlett-Packard Company
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=racer
4_Value=
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=NvCplDaemon
5_Value=rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
5_FileSize=8523776
5_FileDate=2007-12-5 1:41:00
5_FileVersion=6.14.11.6921
5_FileCompanyName=NVIDIA Corporation
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
6_Name=load
6_Value=
7_HKey=HKEY_CURRENT_USER
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=ctfmon.exe
7_Value=c:\windows\system32\ctfmon.exe
7_FileSize=15360
7_FileDate=2007-11-11 4:29:00
7_FileVersion=5.1.2600.2180
7_FileCompanyName=Microsoft Corporation
8_HKey=HKEY_CURRENT_USER
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=KavPFW
8_Value="c:\program files\kingsoft\kingsoft internet security 2008\kpfw32.exe"
8_FileSize=4263256
8_FileDate=2008-1-6 15:44:21
8_FileVersion=2007.12.24.165
8_FileCompanyName=Kingsoft Corporation
9_HKey=HKEY_CURRENT_USER
9_Key=Software\Microsoft\Windows\CurrentVersion\Run
9_Name=Antispy ARP
9_Value=c:\program files\kingsoft\antiarp\kasarp.exe
9_FileSize=632152
9_FileDate=2007-12-18 11:34:32
9_FileVersion=2007.12.18.123
9_FileCompanyName=Kingsoft Corporation
10_HKey=HKEY_CURRENT_USER
10_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
10_Name=load
10_Value=
Max=10
[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2007-11-11 4:29:00
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2007-11-11 4:29:00
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2007-11-11 4:29:00
3_FileVersion=5.1.2600.2180
3_FileCompanyName=Microsoft Corporation
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2007-11-11 4:29:00
4_FileVersion=5.1.2600.2180
4_FileCompanyName=Microsoft Corporation
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2007-11-11 4:29:00
5_FileVersion=5.1.2600.2180
5_FileCompanyName=Microsoft Corporation
6_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
6_FileSize=14336
6_FileDate=2007-11-11 4:29:00
6_FileVersion=5.1.2600.2180
6_FileCompanyName=Microsoft Corporation
7_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KPFWSVC.EXE
7_FileSize=61784
7_FileDate=2008-1-6 15:44:14
7_FileVersion=2007.12.24.165
7_FileCompanyName=Kingsoft Corporation
8_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KWATCH.EXE
8_FileSize=126296
8_FileDate=2007-12-2 23:15:00
8_FileVersion=2007.11.30.131
8_FileCompanyName=Kingsoft Corporation
9_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
9_FileSize=57856
9_FileDate=2007-11-11 4:29:00
9_FileVersion=5.1.2600.2696
9_FileCompanyName=Microsoft Corporation
10_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KISSVC.EXE
10_FileSize=31576
10_FileDate=2007-12-2 23:15:00
10_FileVersion=2007.11.29.128
10_FileCompanyName=Kingsoft Corporation
11_FileName=C:\WINDOWS\SYSTEM32\NVSVC32.EXE
11_FileSize=155716
11_FileDate=2007-12-5 1:41:00
11_FileVersion=6.14.11.6921
11_FileCompanyName=NVIDIA Corporation
12_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KMAILMON.EXE
12_FileSize=130904
12_FileDate=2008-1-6 15:44:45
12_FileVersion=2007.12.24.165
12_FileCompanyName=Kingsoft Corporation
13_FileName=C:\WINDOWS\EXPLORER.EXE
13_FileSize=977920
13_FileDate=2007-11-11 4:29:00
13_FileVersion=6.0.2900.3156
13_FileCompanyName=Microsoft Corporation
14_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KAVSTART.EXE
14_FileSize=151384
14_FileDate=2007-12-2 23:15:00
14_FileVersion=2007.12.2.142
14_FileCompanyName=Kingsoft Corporation
15_FileName=C:\HP\KBD\KBD.EXE
15_FileSize=61440
15_FileDate=2005-2-2 16:44:24
15_FileVersion=1.0.2.2
15_FileCompanyName=Hewlett-Packard Company
16_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
16_FileSize=15360
16_FileDate=2007-11-11 4:29:00
16_FileVersion=5.1.2600.2180
16_FileCompanyName=Microsoft Corporation
17_FileName=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KPFW32.EXE
17_FileSize=4263256
17_FileDate=2008-1-6 15:44:21
17_FileVersion=2007.12.24.165
17_FileCompanyName=Kingsoft Corporation
18_FileName=C:\PROGRAM FILES\KINGSOFT\ANTIARP\KASARP.EXE
18_FileSize=632152
18_FileDate=2007-12-18 11:34:32
18_FileVersion=2007.12.18.123
18_FileCompanyName=Kingsoft Corporation
19_FileName=C:\WINDOWS\SYSTEM32\CONIME.EXE
19_FileSize=27648
19_FileDate=2007-11-11 4:29:00
19_FileVersion=5.1.2600.2180
19_FileCompanyName=Microsoft Corporation
20_FileName=C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACER.EXE
20_FileSize=143360
20_FileDate=2008-1-6 15:39:27
20_FileVersion=3.3.130.306
20_FileCompanyName=Putian Runway
21_FileName=C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACERKP.EXE
21_FileSize=249856
21_FileDate=2008-1-6 15:39:34
21_FileVersion=1.0.0.1
21_FileCompanyName=北京润汇科技有限公司
22_FileName=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
22_FileSize=625152
22_FileDate=2007-10-10 18:57:46
22_FileVersion=7.0.6000.16574
22_FileCompanyName=Microsoft Corporation
23_FileName=E:\SUPER RABBIT\MAGICSET\SRIEH.EXE
23_FileSize=775680
23_FileDate=2007-12-26 23:28:44
23_FileVersion=8.20.0.0
23_FileCompanyName=Super Rabbit Soft
24_FileName=[SYSTEM PROCESS]
25_FileName=C:\WINDOWS\system32\CSRSS.EXE
25_FileSize=6144
25_FileDate=2007-11-11 4:29:00
25_FileVersion=5.1.2600.2180
25_FileCompanyName=Microsoft Corporation
26_FileName=WMIPRVSE.EXE
Max=26
[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1 localhost
Max=1
[Service]
1_ServiceName=KISSvc
1_DisplayName=Kingsoft Internet Security Common Service
1_Description=金山毒霸公共服务程序
1_Status=已启动
1_StartType=自动
1_ServiceDll=
1_ImagePath=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KISSVC.EXE
2_ServiceName=KPfwSvc
2_DisplayName=Kingsoft Personal Firewall Service
2_Description=金山毒霸个人防火墙服务程序
2_Status=已启动
2_StartType=自动
2_ServiceDll=
2_ImagePath="C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KPFWSVC.EXE"
3_ServiceName=KWatchSvc
3_DisplayName=Kingsoft Antivirus KWatch Service
3_Description=金山毒霸文件实时防毒服务程序
3_Status=已启动
3_StartType=自动
3_ServiceDll=
3_ImagePath="C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KWATCH.EXE"
Max=3
[Driver]
1_ServiceName=Arp1394
1_DisplayName=1394 ARP 客户端协议
1_Description=1394 ARP 客户端协议
1_ServiceDll=
1_ImagePath=SYSTEM32\DRIVERS\ARP1394.SYS
2_ServiceName=ENUS_NDIS_DRIVER
2_DisplayName=ENUS_NDIS_DRIVER
2_Description=
2_ServiceDll=
2_ImagePath=SYSTEM32\ENUSNDIS.SYS
3_ServiceName=HdAudAddService
3_DisplayName=Microsoft UAA Function Driver for High Definition Audio Service
3_Description=
3_ServiceDll=
3_ImagePath=SYSTEM32\DRIVERS\HDAUDIO.SYS
4_ServiceName=IntcAzAudAddService
4_DisplayName=Service for Realtek HD Audio (WDM)
4_Description=
4_ServiceDll=
4_ImagePath=SYSTEM32\DRIVERS\RTKHDAUD.SYS
5_ServiceName=KAntiarp
5_DisplayName=Kingsoft AntiARP NIDS Driver
5_Description=
5_ServiceDll=
5_ImagePath=SYSTEM32\DRIVERS\KANTIARP.SYS
6_ServiceName=KAVBase
6_DisplayName=KAVBase
6_Description=
6_ServiceDll=
6_ImagePath=C:\WINDOWS\SYSTEM32\DRIVERS\KAVBASE.SYS
7_ServiceName=KAVBootC
7_DisplayName=KAVBootC
7_Description=
7_ServiceDll=
7_ImagePath=SYSTEM32\DRIVERS\KAVBOOTC.SYS
8_ServiceName=KNetWch
8_DisplayName=KNetWch
8_Description=
8_ServiceDll=
8_ImagePath=C:\PROGRAM FILES\KINGSOFT\KINGSOFT INTERNET SECURITY 2008\KNETWCH.SYS
9_ServiceName=KWatch3
9_DisplayName=KWatch3
9_Description=
9_ServiceDll=
9_ImagePath=C:\WINDOWS\SYSTEM32\DRIVERS\KWATCH3.SYS
10_ServiceName=NIC1394
10_DisplayName=1394 网络驱动程序
10_Description=
10_ServiceDll=
10_ImagePath=SYSTEM32\DRIVERS\NIC1394.SYS
11_ServiceName=NPF
11_DisplayName=NetGroup Packet Filter Driver
11_Description=
11_ServiceDll=
11_ImagePath=SYSTEM32\DRIVERS\NPF.SYS
12_ServiceName=Ps2
12_DisplayName=PS2
12_Description=
12_ServiceDll=
12_ImagePath=SYSTEM32\DRIVERS\PS2.SYS
13_ServiceName=RTL8023xp
13_DisplayName=Realtek 10/100/1000 PCI NIC Family NDIS XP Driver
13_Description=
13_ServiceDll=
13_ImagePath=SYSTEM32\DRIVERS\RTNICXP.SYS
14_ServiceName=rtl8139
14_DisplayName=Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver
14_Description=
14_ServiceDll=
14_ImagePath=SYSTEM32\DRIVERS\RTL8139.SYS
15_ServiceName=WudfPf
15_DisplayName=Windows Driver Foundation - User-mode Driver Framework Platform Driver
15_Description=Provide communciation services for UMDF components.
15_ServiceDll=
15_ImagePath=SYSTEM32\DRIVERS\WUDFPF.SYS
16_ServiceName=WudfRd
16_DisplayName=Windows Driver Foundation - User-mode Driver Framework Reflector
16_Description=Reflect device requests to user-mode driver drivers
16_ServiceDll=
16_ImagePath=SYSTEM32\DRIVERS\WUDFRD.SYS
Max=16
[END]
Max=1